CN104798339A - Key generation device, key generation program, secret search system, and key distribution method - Google Patents

Publication number: CN104798339A
Authority: CN (China)
Prior art keywords: key, parameter, trapdoor, generating, keyword
Legal status: Granted (as listed by Google Patents; the status is an assumption and not a legal conclusion)
Application number: CN201380059312.3A
Other languages: Chinese (zh)
Other versions: CN104798339B (en)
Inventors: 服部充洋, 平野贵人, 伊藤隆, 松田规
Current Assignee: Mitsubishi Electric Corp (as listed by Google Patents; the list may be inaccurate)
Original Assignee: Mitsubishi Electric Corp


Abstract

A public parameter PK is key information used in a secret search system (1000) having: a transmission device (100) that generates and sends an encryption tag, which is an encrypted keyword; a server (200) that receives and stores the encryption tag and conducts a secret search in response to a request for the secret search; and a reception device (300) that generates a trapdoor, which corresponds to a digital signature of the keyword and is also the data requesting the secret search, sends the trapdoor to the server (200), and receives a search result. The public parameter PK includes a true public parameter PP and a protection key PK'. The transmission device (100) and the reception device (300) require both the true public parameter PP and the protection key PK'; however, the server (200) does not require the protection key PK'. The key generation device generates the true public parameter PP and the protection key PK' included in the public parameter PK separately.

Description

Key generation device, key generation program, secret search system, and key distribution method
Technical field
The present invention relates to a key generation device, a secret search system, a key generation program and a key distribution method for the keys used in a secret search system that performs secret search.
Background art
In the field of public key cryptography (PKC: Public Key Cryptography), public-key encryption with keyword search (PEKS: Public-key Encryption with Keyword Search) is known as a technique that allows keyword search to be carried out directly on encrypted data (for example, Non-Patent Literature 1). Below, public-key encryption with keyword search is written as PEKS.
PEKS enables, for example, the following application. Consider the situation in which "a sender sends a data file containing confidential information to a recipient via an external database (hereinafter, "server")". That is, the sender uploads the data file to the server, and the recipient downloads the necessary data file from the server by keyword search. Here, the sender and the recipient want to share both the data file and the keyword without the server learning either.
The recipient prepares in advance a public key and secret key pair for public key encryption (used for encrypting and decrypting the data file body) and a public key and secret key pair for PEKS (used for encrypting keywords and generating search queries). The recipient then publishes each public key.
The sender encrypts the data file with the recipient's public key for public key encryption and generates the ciphertext of the data file. The sender also encrypts the keyword with the PEKS public key and generates the ciphertext of the keyword. Below, the ciphertext of a keyword generated with the PEKS public key is called an "encryption tag". The sender uploads the ciphertext of the data file to the server together with the encryption tag.
The recipient uses the PEKS secret key to generate data corresponding to a digital signature of the keyword. Below, the data corresponding to a digital signature of the keyword generated with the PEKS secret key is called a "trapdoor". The recipient sends this trapdoor to the server as a search query. The server uses the received trapdoor to perform secret search on the encryption tag of each data-file ciphertext in the database. The server then sends the recipient the ciphertexts of the data files that were hit in the secret search.
In this way, PEKS plays an essential role in realizing outsourcing applications for encrypted data.
Prior art documents
Patent literature
Patent Literature 1: Japanese Unexamined Patent Publication No. 2011-141472
Patent Literature 2: International Publication No. WO2012/098649
Non-patent literature
Non-Patent Literature 1: Dan Boneh, Giovanni Di Crescenzo, Rafail Ostrovsky and Giuseppe Persiano, "Public Key Encryption with Keyword Search," Eurocrypt 2004, Lecture Notes in Computer Science, vol. 3027, pp. 506-522, 2004.
Non-Patent Literature 2: Jonathan Katz, Amit Sahai and Brent Waters, "Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products," Eurocrypt 2008, Lecture Notes in Computer Science, vol. 4965, pp. 146-162, 2008.
Non-Patent Literature 3: Tatsuaki Okamoto and Katsuyuki Takashima, "Adaptively Attribute-Hiding (Hierarchical) Inner Product Encryption," Eurocrypt 2012, Lecture Notes in Computer Science, vol. 7237, pp. 591-608, 2012.
Non-Patent Literature 4: Mitsuhiro Hattori, Takato Hirano, Takashi Ito, Nori Matsuda, Takumi Mori, Yusuke Sakai and Kazuo Ohta, "Ciphertext-Policy Delegatable Hidden Vector Encryption and Its Application to Searchable Encryption in Multi-user Setting," IMA International Conference on Cryptography and Coding, Lecture Notes in Computer Science, vol. 7089, pp. 190-209, 2011.
Non-Patent Literature 5: Emily Shen, Elaine Shi and Brent Waters, "Predicate Privacy in Encryption Systems," Theory of Cryptography Conference 2009, Lecture Notes in Computer Science, vol. 5444, pp. 457-473, 2009.
Non-Patent Literature 6: Mototsugu Nishioka, "Perfect Keyword Privacy in PEKS Systems," ProvSec 2012, Lecture Notes in Computer Science, vol. 7496, pp. 175-192, 2012.
Summary of the invention
Problem to be solved by the invention
Regarding PEKS, of the data related to the keyword, namely the encryption tag and the trapdoor, the security of the encryption tag has been studied extensively, and many schemes satisfying that security have been proposed. For example, Patent Literature 1, Patent Literature 2 and Non-Patent Literature 1 to 4 assume various usage environments for PEKS and propose security models that define "whether the encryption tag is secure under such circumstances". They also propose schemes whose security in those models can be proven mathematically.
However, for the other piece of data, the "trapdoor", there has been almost no study of its security or proposal of schemes satisfying that security, apart from Non-Patent Literature 5 and Non-Patent Literature 6.
Non-Patent Literature 5 discloses a method that ensures the security of the trapdoor by not publishing the public key at all and handling it in the same way as the secret key. However, not publishing the public key and handling it in the same way as the secret key means that the scheme can only be used in applications where the sender and the recipient are the same person. The applications in which it can be used are therefore limited.
Non-Patent Literature 6 discloses a method that ensures the security of the trapdoor by using a secure injective function. However, this method can only be applied to exact-match search on a single keyword and cannot be applied to the AND/OR search shown in Non-Patent Literature 2 and Non-Patent Literature 3.
The present invention was made to solve the above problems, and one of its objects is to provide a general method for ensuring the security of the trapdoor in PEKS.
Means for solving the problem
The key generation device of the present invention is characterized by having:
a 1st generating unit that generates the true public parameter PP included in the public parameter PK, which is the key information used in a secret search system; and
a 2nd generating unit that generates the protection key PK' included in the public parameter PK separately from the true public parameter PP generated by the 1st generating unit,
wherein the secret search system has:
a transmission device that generates and sends encrypted data and an encryption tag, the encryption tag being the encrypted keyword used to search the encrypted data;
a server device that receives the encrypted data and the encryption tag from the transmission device and stores them, and performs the secret search in response to a request for secret search; and
a reception device that generates a trapdoor, sends it to the server device, and receives the result of the secret search from the server device, the trapdoor being data corresponding to a digital signature of the keyword and being the data that requests the server device to perform the secret search on the encrypted data,
and the key information comprises:
the true public parameter PP, which is used when the transmission device encrypts the keyword, when the reception device generates the trapdoor, and when the server device performs the secret search; and
the protection key PK', which is used when the transmission device encrypts the keyword and when the reception device generates the trapdoor.
Effect of the invention
The key generation device of the present invention generates the true public parameter PP and the protection key PK' included in the public parameter separately, and can therefore improve the security of the trapdoor.
Brief description of the drawings
Fig. 1 is a configuration diagram of the secret search system 1000 of Embodiment 1.
Fig. 2 shows the structure of the public parameter PK and the master secret key SK of Embodiment 1.
Fig. 3 is a flowchart of the encryption (Enc) algorithm used to generate the encryption tag in Embodiment 1.
Fig. 4 is a flowchart of the key generation (GenKey) algorithm used to generate the trapdoor in Embodiment 1.
Fig. 5 is a flowchart of the decryption (Dec) algorithm used in the secret search by the server 200 in Embodiment 1.
Fig. 6 is a flowchart showing the method of distributing the public parameter PK and the like from the recipient 300 to the senders 100 and the server 200 in Embodiment 1.
Fig. 7 summarizes the key information used in the generation of the encryption tag, the generation of the trapdoor and the secret search in Embodiment 1.
Fig. 8 summarizes, in table form, the key information used in the generation of the encryption tag, the generation of the trapdoor and the secret search in Embodiment 1.
Fig. 9 is a block diagram of the key generation device 310-1 of Embodiment 1.
Fig. 10 is a block diagram of the key generation device 310-2 of Embodiment 1.
Fig. 11 is a block diagram of the key generation device 310-3 of Embodiment 1.
Fig. 12 lists, for Embodiment 2, the algorithms of Non-Patent Literature 2 and Non-Patent Literature 3 when they are used as functional encryption and when they are used as PEKS.
Fig. 13 shows the structure of the public parameter PK and the master secret key SK of Embodiment 2.
Fig. 14 is a flowchart of the encryption (Enc) algorithm used to generate the encryption tag in Embodiment 2.
Fig. 15 is a flowchart of the key generation (GenKey) algorithm used to generate the trapdoor in Embodiment 2.
Fig. 16 is a flowchart of the decryption (Dec) algorithm used in the secret search by the server 200 in Embodiment 2.
Fig. 17 shows the external appearance of the transmission device 100, the reception device 300 and the like of Embodiment 3.
Fig. 18 shows the hardware configuration of the transmission device 100, the reception device 300 and the like of Embodiment 3.
Embodiments
The present invention is described concretely below through embodiments. Embodiment 1 discloses a method of ensuring the security of the trapdoor in the PEKS described in Non-Patent Literature 2. Embodiment 2 discloses a method of ensuring the security of the trapdoor when the functional encryption described in Non-Patent Literature 3 is used as PEKS.
First, the configuration common to the embodiments described below is explained.
Fig. 1 is a configuration diagram of the secret search system 1000 common to the embodiments.
(1) Senders 100-1 to 100-n are the generators of encryption tags. Here, n is an arbitrary integer and denotes the number of senders who generate encryption tags in PEKS. The entity behind each of senders 100-1 to 100-n is the transmission device that the sender uses. Thus, senders 100-1 to 100-n mean the n transmission devices that these senders use. Below, senders 100-1 to 100-n are sometimes written as transmission devices 100-1 to 100-n. When the individual senders (transmission devices) need not be distinguished, they are abbreviated as sender 100 (transmission device 100).
(2) Recipient 300 is the generator of the public key, the master secret key and the trapdoor. The entity behind recipient 300 is the reception device that recipient 300 uses. Thus, recipient 300 means the reception device that recipient 300 uses. Below, recipient 300 is sometimes written as reception device 300.
(3) Server device 200 (hereinafter, server 200) is the external database. These are connected via a network 400 such as the Internet.
(4) As shown in Fig. 1, the secret search system 1000 has transmission devices 100-1 to 100-n, server 200 and reception device 300.
When PEKS is used to realize an outsourcing application for encrypted data, senders 100-1 to 100-n are the senders of the encrypted data and recipient 300 is the recipient of the encrypted data. Server 200 is the external database. Server 200 is entrusted with the encrypted data and the encryption tags by senders 100. In response to a secret search request (trapdoor) sent from recipient 300, server 200 performs the secret search using the trapdoor sent from recipient 300 and the public parameter PK distributed by recipient 300 (in fact, as described for Fig. 6, the true public parameter PP within the public parameter PK), and returns the encrypted data hit by the search to recipient 300.
For simplicity, only the case of a single recipient 300 is assumed here, but a configuration with multiple recipients 300 is also possible. In that case, one method is for each recipient to run the Setup algorithm described later (Fig. 2) individually. In addition, as an extension of PEKS, by using an algorithm with a hierarchical structure such as hierarchical inner-product predicate encryption (Hierarchical Inner-product Encryption), the outsourcing application for encrypted data can be realized in the same way as in the case of a single recipient.
Embodiment 1
Embodiment 1 discloses a method of ensuring the security of the trapdoor in the PEKS described in Non-Patent Literature 2. First, the parts of the PEKS algorithm described in Non-Patent Literature 2 that are relevant to Embodiment 1 are explained. Below, "the PEKS algorithm described in Non-Patent Literature 2" refers to the predicate-only version described in Section 4, "Our Main Construction", of Non-Patent Literature 2. Appendix B of Non-Patent Literature 2, "A Full-Fledged Predicate Encryption Scheme", describes the algorithm obtained by developing the Section 4 algorithm into so-called functional encryption; however, those skilled in the art will readily understand that the Section 4 algorithm is the one that applies when the scheme is used as PEKS.
Fig. 2 shows the structure of the public parameter PK and the master secret key SK generated by running the Setup algorithm of the PEKS algorithm described in Non-Patent Literature 2.
In Fig. 2,
(1) $p$, $q$, $r$ each denote a prime number.
(2) $G$ denotes a cyclic group of order $N = pqr$ on an elliptic curve that admits the pairing operation $\hat{e}: G \times G \to G_T$.
(3) $G_T$ denotes the cyclic group of order $N$ that results from the pairing operation.
(4) $\hat{e}$ denotes the pairing operation.
(5) $g_p$, $g_q$, $g_r$ denote generators of the subgroups $G_p$, $G_q$, $G_r$ of order $p$, $q$, $r$ respectively.
(6) $R_0$ denotes an element chosen uniformly at random from the group $G_r$.
(7) $\{h_{1,i}, h_{2,i}\}_{i=1,\dots,n}$ denote elements chosen uniformly at random from the group $G_p$.
Here, $n$ is the dimension of the predicate vector used when generating the encryption tag and the trapdoor.
(8) $\{R_{1,i}, R_{2,i}\}_{i=1,\dots,n}$ denote elements chosen uniformly at random from the group $G_r$.
The PEKS algorithm described in Non-Patent Literature 2 presupposes that every entity using PEKS (in the example of Fig. 1, senders 100-1 to 100-n, server 200 and recipient 300) shares the information of the public parameter PK. As described later, the decryption (Dec) algorithm, which is the algorithm server 200 uses when performing the secret search, uses information from the public parameter PK.
The feature of Embodiment 1 lies in the method of distributing the public parameter PK to each entity. That is, the aim of Embodiment 1 is to ensure the security of the trapdoor by devising the way the public parameter PK is distributed. The details are described later with Fig. 6.
As shown in Fig. 2, for the explanation that follows, in Embodiment 1 the part "$N, G, G_T, \hat{e}$" is called the true public parameter PP, and the remaining components, "$g_p, g_r, Q, \{H_{1,i}, H_{2,i}\}_{i=1,\dots,n}$", are called the protection key PK'.
That is, the public parameter PK generated by the Setup algorithm described in Non-Patent Literature 2 consists of the true public parameter PP and the protection key PK'. The distinction between the true public parameter PP and the protection key PK' becomes clear from the explanation below.
(Generation of the encryption tag)
Next, Fig. 3 is used to explain the procedure of the encryption (Enc) algorithm, which is the algorithm sender 100 uses when generating an encryption tag in the PEKS algorithm described in Non-Patent Literature 2. The actor in Fig. 3 is therefore the sender (transmission device). When generating an encryption tag, sender 100 uses the public parameter PK (both PP and PK') distributed by recipient 300.
Fig. 3 is a flowchart showing the procedure of the encryption (Enc) algorithm.
In Fig. 3, sender 100 wants to encrypt the attribute vector $\vec{x} = (x_1, x_2, \dots, x_n) \in Z_N^n$ and generate an encryption tag.
Here, the attribute vector $\vec{x} \in Z_N^n$ is the data corresponding to the keyword to be encrypted, and it takes various forms depending on the kind of search to be performed, such as exact-match search, AND search or OR search. For example, for exact-match search on one keyword, $\vec{x} = (1, \text{keyword})$.
$Z_N$ denotes the set of integers from 0 to $N-1$.
The "keyword" in $\vec{x} = (1, \text{keyword})$ above is the keyword converted to an integer; the same applies to the other cases described later.
(1) In Fig. 3, first, in step S301, sender 100 randomly selects $s, \alpha, \beta$ from $Z_N$.
(2) Then, in step S302, sender 100 randomly selects from the group $G_r$
[Math. 1]
$$\{R_{3,i}, R_{4,i}\}_{i=1}^{n}$$
(3) Finally, in step S303, sender 100 outputs
[Math. 2]
$$C = \left( C_0 = g_p^{s},\ \left\{ C_{1,i} = H_{1,i}^{s}\, Q^{\alpha x_i}\, R_{3,i},\ C_{2,i} = H_{2,i}^{s}\, Q^{\beta x_i}\, R_{4,i} \right\}_{i=1}^{n} \right)$$
as the encryption tag.
In the procedure of the encryption (Enc) algorithm shown in Fig. 3, the public parameter PK is needed when executing step S301 or step S302. In particular, executing step S302 requires the protection key PK' within the public parameter PK = (PP, PK').
(Generation of the trapdoor)
Next, Fig. 4 is used to show the procedure of the key generation (GenKey) algorithm, which is the algorithm recipient 300 uses when generating a trapdoor in the PEKS algorithm described in Non-Patent Literature 2. The actor in Fig. 4 is therefore the recipient (reception device). Recipient 300 generates the trapdoor using the public parameter PK shown in Fig. 2 (both PP and PK') and the master secret key SK.
Fig. 4 is a flowchart showing the procedure of the key generation (GenKey) algorithm.
In Fig. 4, recipient 300 wants to digitally sign the predicate vector $\vec{v} = (v_1, v_2, \dots, v_n) \in Z_N^n$ and generate a trapdoor.
Here, the predicate vector $\vec{v} \in Z_N^n$ is the data corresponding to the keyword to be searched for, and it takes various forms depending on the kind of search to be performed, such as exact-match search, AND search or OR search.
For example, for exact-match search on one keyword, $\vec{v} = (\text{keyword}, N-1)$.
(1) In Fig. 4, first, in step S401, recipient 300 randomly selects from $Z_p$
[Math. 3]
$$\{r_{1,i}, r_{2,i}\}_{i=1}^{n}$$
(2) Then, in step S402, recipient 300 randomly selects $R_5$ from $G_r$.
(3) Then, in step S403, recipient 300 randomly selects $f_1, f_2$ from $Z_q$.
(4) Finally, in step S404, recipient 300 outputs
[Math. 4]
$$SK_{\vec{v}} = \left( K = R_5\, Q_6 \prod_{i=1}^{n} h_{1,i}^{-r_{1,i}}\, h_{2,i}^{-r_{2,i}},\ \left\{ K_{1,i} = g_p^{r_{1,i}}\, g_q^{f_1 v_i},\ K_{2,i} = g_p^{r_{2,i}}\, g_q^{f_2 v_i} \right\}_{i=1}^{n} \right)$$
as the trapdoor.
(Secret search by server 200)
Next, Fig. 5 is used to explain the procedure of the decryption (Dec) algorithm, which is the algorithm server 200 uses when performing the secret search. The actor in Fig. 5 is therefore server 200. In the secret search, server 200 uses the trapdoor sent from the recipient to perform the secret search on each of the multiple encryption tags sent from the multiple senders. As described later, this secret search needs the true public parameter PP within the public parameter PK. In other words, as shown in Fig. 2, the public parameter PK includes the true public parameter PP and the protection key PK', but the secret search by server 200 can be done without the protection key PK'.
Fig. 5 is a flowchart showing the procedure of the decryption (Dec) algorithm.
(1) In Fig. 5, first, in step S501, server 200 computes
[Math. 5]
$$T = \hat{e}(C_0, K) \prod_{i=1}^{n} \hat{e}(C_{1,i}, K_{1,i})\, \hat{e}(C_{2,i}, K_{2,i})$$
(2) Then, in step S502, server 200 determines whether $T = 1$. If $T = 1$, it returns 1 in step S503 and terminates. If $T \neq 1$, it returns 0 in step S504 and terminates.
(Criterion for distinguishing PP and PK')
In the procedure of this decryption (Dec) algorithm, the public parameter PK is needed when executing step S501.
However, the only part that is needed is the true public parameter PP within the public parameter PK = (PP, PK'); the protection key PK' is not needed. This is the criterion that distinguishes the true public parameter PP from the protection key PK' shown in Fig. 2. That is, the protection key PK' consists of those components of the public parameter PK that are needed in the encryption-side algorithms (the sender generating the encryption tag and the recipient generating the trapdoor) but are not needed in the decryption algorithm (the secret search by the server). The true public parameter PP consists of those components of the public parameter PK that are needed in both the encryption-side algorithms and the decryption algorithm.
The above has explained the parts of the PEKS algorithm described in Non-Patent Literature 2 that are relevant to Embodiment 1.
Then, Fig. 6 is used to be described the dissemination method (cipher key distribution method) to the open parameter PK of each entity issued in present embodiment 1.Fig. 6 is the flow chart issuing the distribution order of open parameter PK from recipient 300 to sender 100 and server 200 illustrated in present embodiment 1.
(recipient 300)
(1) First, in step S601, recipient 300 generates the open parameter PK = (PP, PK') by the installation (Setup) algorithm. The concrete method of generating the open parameter PK is based on the installation algorithm recorded in non-patent literature 2. The distinction between the very openly parameter PP and the Protective Key PK' is as described above.
(2) Then, in step S602, recipient 300 issues the open parameter PK to senders 100-1 to 100-n. At this time, it is preferable to issue it by a method in which the Protective Key PK' is not revealed to server 200. Examples of such a dissemination method are (a) and (b) below.
In addition, in the case of key generating device 310-1 and the like described later with Fig. 9 to Fig. 11, the open parameter PK may also be issued with the very openly parameter PP and the Protective Key PK' kept separate.
(a) A method of supplying the Protective Key PK' directly to the senders offline, for example by storing it in a storage medium such as an IC card and handing it directly to every sender 100.
(b) Alternatively, a method of disclosing the Protective Key PK' on an electronic notice board on the network that only sender 100 can read. Sender 100 obtains the Protective Key PK' from the electronic notice board.
(3) Finally, in step S603, recipient 300 issues the very openly parameter PP in the open parameter PK to server 200. When issuing to server 200, no special measure to prevent leakage is needed.
(sender 100)
In step S611, each of senders 100-1 to 100-n receives the open parameter PK from recipient 300. The received open parameter PK is stored in a data storage device such as an IC card.
(server 200)
In step S621, server 200 receives the very openly parameter PP from recipient 300. The received very openly parameter PP is stored in a data storage device.
Fig. 7 is a figure that summarizes, in association with the dissemination method of the open parameter PK described in Fig. 6 and elsewhere, the key information such as the open parameter PK used when sender 100 generates the encoded tag, recipient 300 generates the trapdoor, and server 200 performs the concealment retrieval. Fig. 8 presents Fig. 7 in table form. As shown in Fig. 7 and Fig. 8, sender 100 uses the open parameter PK = (PP, PK') to generate the encoded tag. Recipient 300 uses the open parameter PK = (PP, PK') and the main privacy key SK to generate the trapdoor. Server 200 uses only the very openly parameter PP of the open parameter PK = (PP, PK') in the concealment retrieval.
Fig. 9 is a block diagram of the key generating device 310-1 that receiving system 300 has. As shown in Fig. 9, receiving system 300 has key generating device 310-1. Key generating device 310-1 has a very openly parameter generating unit 311 (the 1st generating unit) that generates the very openly parameter PP, and a Protective Key generating unit 312 (the 2nd generating unit) that generates the Protective Key PK'.
As mentioned above, the open parameter PK is key information used in confidential search system 1000 (Fig. 7). Confidential search system 1000 has: dispensing device 100, which generates and sends enciphered data and an encoded tag, the encoded tag being an encrypted keyword for retrieving the enciphered data; server 200, which receives the enciphered data and the encoded tag from dispensing device 100 and keeps them, and performs a concealment retrieval in response to a request for concealment retrieval; and receiving system 300, which generates a trapdoor, sends it to server 200, and receives the result of the concealment retrieval from server 200. The trapdoor is data equivalent to a digital signature of the keyword, and is the data that requests server 200 to perform the concealment retrieval of the enciphered data.
As shown in Fig. 2, the open parameter PK is key information comprising the very openly parameter PP and the Protective Key PK'. As shown in Fig. 7 and Fig. 8, the very openly parameter PP is used when dispensing device 100 generates the encoded tag, when receiving system 300 generates the trapdoor, and in the concealment retrieval of server 200. The Protective Key PK' is used when dispensing device 100 generates the encoded tag and when receiving system 300 generates the trapdoor, but is not used in the concealment retrieval of server 200. Therefore, in key generating device 310-1, the very openly parameter generating unit 311 and the Protective Key generating unit 312 generate the very openly parameter PP and the Protective Key PK' separately. As shown in Fig. 6, only the separately generated very openly parameter PP is issued from receiving system 300 to server 200. Thus, the security of the trapdoor improves.
Fig. 10 illustrates the case where receiving system 300 has key generating device 310-2. Compared with key generating device 310-1, key generating device 310-2 also has an input part 313 that inputs the open parameter PK. Input part 313 inputs an open parameter PK that has already been generated. The very openly parameter generating unit 311 generates the very openly parameter PP by extracting it from the open parameter PK input by input part 313. The Protective Key generating unit 312 generates the Protective Key PK' by extracting it from the open parameter PK input by input part 313. With key generating device 310-2, the very openly parameter PP and the Protective Key PK' can be separated from an open parameter PK that has already been generated. Thus, the security of the trapdoor improves.
Fig. 11 illustrates the case where receiving system 300 has key generating device 310-3. Compared with key generating device 310-2, key generating device 310-3 has an open parameter generating unit 314 (the 3rd generating unit) that generates the open parameter PK. Input part 313 inputs the open parameter PK generated by open parameter generating unit 314. The very openly parameter generating unit 311 generates the very openly parameter PP by extracting it from the open parameter PK input by input part 313, and the Protective Key generating unit 312 generates the Protective Key PK' by extracting it from the open parameter PK input by input part 313. With key generating device 310-3, the open parameter PK generated by open parameter generating unit 314 can be issued to sender 100, and the very openly parameter PP generated by the very openly parameter generating unit 311 can be issued to server 200. Thus, the security of the trapdoor improves.
Fig. 6 illustrated the dissemination method by which the open parameter PK is issued to each entity in present embodiment 1. With this dissemination method, the open parameter PK is issued to sender 100, and only the very openly parameter PP in the open parameter PK is issued to server 200. Further, Fig. 9 to Fig. 11 illustrated key generating devices 310-1 to 310-3, which generate the very openly parameter PP and the Protective Key PK' in the open parameter PK separately. Key generating devices 310-1 to 310-3 generate the very openly parameter PP separately from the Protective Key PK'. Thus, in Fig. 6, only the very openly parameter PP can be issued to server 200.
If the above-described dissemination method (and key generating device) for issuing the open parameter PK to each entity is used, the security of the trapdoor improves with respect to server 200, which receives the trapdoor. The reason why the dissemination method of Fig. 6 produces this effect is briefly described below. A rigorous security proof can be given, but it is omitted in this specification, which stops at an intuitive explanation.
In an existing PEKS such as that of non-patent literature 2, it is assumed that every entity can obtain the open parameter PK. Therefore, not only sender 100 but also server 200 can obtain the Protective Key PK' (Fig. 2) of present embodiment 1. This means that server 200 can use the cryptographic algorithm to freely encrypt any keyword it likes. That is, server 200 has the same authority as sender 100.
In this situation, server 200 can use the means described below to extract, from a received trapdoor, information about the keyword contained inside it. Here, for simplicity, the case of exact-match retrieval is described.
(1) First, server 200, having received a trapdoor from recipient 300, estimates a keyword that the trapdoor may contain.
(2) Then, server 200 uses the Protective Key PK' as well to generate an encoded tag for this keyword.
(3) Then, server 200 applies the trapdoor and the encoded tag to the decipherment algorithm and observes the output. If the output is 1, the estimated keyword is known to be the same as the keyword contained in the trapdoor. If the output is 0, the estimated keyword is known to differ from the keyword contained in the trapdoor, so server 200 estimates the next keyword and repeats the same processing.
(4) As long as the capability of server 200 allows, the above processing is continued, and the candidates for the keyword are gradually narrowed down. Further, when the kinds of keyword that will be used are known in advance to be limited to some degree, the keyword becomes completely known sooner or later by the above method. In this way, information about the keyword contained in the trapdoor is extracted from the trapdoor.
On the other hand, if the dissemination method of the open parameter PK shown in Fig. 6 of present embodiment 1 is taken, this attack can be prevented. This is because, even if server 200 estimates a keyword, server 200 does not have the Protective Key PK' required to verify that keyword. In addition, from the description of each algorithm in Fig. 3 to Fig. 5, those skilled in the art can understand that, even using means other than encryption, there is no means of verifying the estimated keyword.
The above has briefly described the reason why the effect of improving the security of the trapdoor is produced. In addition, taking the dissemination method of the open parameter PK shown in present embodiment 1 also produces the further effect that the traffic between recipient 300 and server 200 can be reduced.
Execution mode 2
Execution mode 1 disclosed a method of guaranteeing the security of the trapdoor in the PEKS recorded in non-patent literature 2. Present embodiment 2 discloses a method of guaranteeing the security of the trapdoor when the function type encryption recorded in non-patent literature 3 is used as PEKS. The system configuration is that of Fig. 1.
First, the part relevant to present embodiment 2 of the algorithm of the function type encryption recorded in non-patent literature 3 is described. Hereinafter, "the algorithm of the function type encryption recorded in non-patent literature 3" refers to the algorithm recorded in Section 4, "Proposed (Basic) IPE Scheme", of non-patent literature 3. In addition, because the function type encryption is used as PEKS, a part of the algorithm is changed, and the changed algorithm is described. Specifically, parts of the encryption (Enc) algorithm and the deciphering (Dec) algorithm are changed, and the result is called the simplified algorithm. The installation (Setup) algorithm and the secret generating (KeyGen) algorithm are therefore as recorded in non-patent literature 3. For reference, Fig. 12 lists, for non-patent literature 2 and non-patent literature 3, the algorithms when used as function type encryption and the algorithms when used as PEKS.
Here, the concepts, symbols and notation required for the explanation of present embodiment 2 are described. For simplicity, only the case of a symmetric pairing group is considered, as in non-patent literature 3. Further, group operations are written in multiplicative form.
(1) Let $q$ be a prime number.
(2) Let $\mathbb{F}_q$ be the finite field of order $q$.
(3) Let $G$ be a symmetric pairing group of order $q$.
(4) Let $g$ be a generator of $G$.
(5) Let the pairing operation on $G$ be $e: G \times G \to G_T$.
Here, $G_T$ is the cyclic group of order $q$ that results from the pairing operation.
(6) Let the dual pairing vector space (DPVS: Dual Pairing Vector Space) formed by the direct product of symmetric pairing groups be $V = G \times \cdots \times G$.
(7) When $V$ is an $N$-dimensional DPVS, the canonical basis of $V$ is written $A = (a_0, \ldots, a_{N-1})$.
Here, $a_i$ ($i = 0, \ldots, N-1$) is the $N$-dimensional vector given by
[several 6]
(8) Let $X = (X_{i,j})$ be a regular matrix of order $N$ formed of random numbers on $\mathbb{F}_q$.
(9) The random basis $XA$ obtained by multiplying $A$ by $X$ is written $B = (b_0, \ldots, b_{N-1})$.
That is,
[several 7]
$$b_i = \sum_{j=0}^{N-1} X_{i,j}\, a_j$$
Each $b_i$ ($i = 0, \ldots, N-1$) is an $N$-dimensional vector.
(10) Let $\theta = (\theta_{i,j}) = \psi (X^{T})^{-1}$ be the matrix obtained by multiplying the transposed inverse matrix $(X^{T})^{-1}$ of $X$ by a random number $\psi$.
(11) The basis obtained by multiplying $A$ by $\theta$ is written $B^* = (b^*_0, \ldots, b^*_{N-1})$.
That is,
[several 8]
$$b^*_i = \sum_{j=0}^{N-1} \theta_{i,j}\, a_j$$
Each $b^*_i$ ($i = 0, \ldots, N-1$) is an $N$-dimensional vector. $B^*$ is called the dual basis of $B$.
(12) For the random basis $B$, the linear combination whose coefficients are the vector $\vec{x} = (x_0, \ldots, x_{N-1}) \in \mathbb{F}_q^N$ on $\mathbb{F}_q$ is written $(x_0, \ldots, x_{N-1})_B$.
That is,
[several 9]
$$(x_0, \ldots, x_{N-1})_B = \sum_{i=0}^{N-1} x_i\, b_i$$
(13) Likewise, for the dual basis $B^*$ of $B$, the linear combination whose coefficients are the vector $\vec{v} = (v_0, \ldots, v_{N-1}) \in \mathbb{F}_q^N$ on $\mathbb{F}_q$ is written $(v_0, \ldots, v_{N-1})_{B^*}$.
That is,
[several 10]
$$(v_0, \ldots, v_{N-1})_{B^*} = \sum_{i=0}^{N-1} v_i\, b^*_i$$
(14) The pairing operation of two vectors $g = (g_0, \ldots, g_{N-1})$ and $h = (h_0, \ldots, h_{N-1})$ on $V$ is written $e(g, h)$.
That is,
[several 11]
$$e(g, h) = \prod_{i=0}^{N-1} e(g_i, h_i)$$
(structure of PK, SK)
Next, Fig. 13 is used to describe the structure of the open parameter PK and the main privacy key SK generated by executing the installation algorithm among the algorithms of the function type encryption recorded in non-patent literature 3.
Fig. 13 illustrates the structure of the open parameter PK and the main privacy key SK in present embodiment 2. As in execution mode 1, the case where recipient 300 generates the open parameter PK and the main privacy key SK is described.
In Fig. 13, as in execution mode 1, the open parameter PK is formed of the very openly parameter PP and the Protective Key PK'. The very openly parameter PP is $PP = (q, V, G_T, A, e, g_T)$.
Here,
(1) $q$ represents a prime number,
(2) $V$ represents the dual pairing vector space of dimension $4n+2$ ($n$ is the dimension of the predicate vector used when generating the encoded tag and generating the trapdoor),
(3) $G_T$ represents the cyclic group of order $q$ that results from the pairing operation,
(4) $A$ represents the canonical basis of $V$,
(5) $e$ represents the pairing operation,
(6) $g_T$ represents a generator of $G_T$.
Further, the Protective Key PK' is formed of $\hat{B} = (b_0, \ldots, b_n, b_{4n+1})$.
The "^" of $\hat{B}$ indicates that it is generated using a part of the above basis $B$.
Further, the main privacy key SK is formed of $\hat{B}^* = (b^*_0, \ldots, b^*_n, b^*_{3n+1}, \ldots, b^*_{4n})$.
The "^" of $\hat{B}^*$ indicates that it is generated using a part of the above basis $B^*$.
These are generated by the algorithm $G_{ob}(\lambda, 4n+2)$ recorded in non-patent literature 3.
(generating algorithm of encoded tag)
Next, Fig. 14 is used to describe the procedure of the encryption (Enc) algorithm, which is the algorithm, among the algorithms of the function type encryption recorded in non-patent literature 3, that sender 100 uses when generating an encoded tag. The subject of the operations in Fig. 14 is therefore the sender (dispensing device). When generating an encoded tag, sender 100 uses the open parameter PK of Fig. 13 (both PP and PK') issued from recipient 300. In addition, because the function type encryption is used as PEKS, a part of the algorithm is changed, and the changed algorithm is described.
Fig. 14 is a flow chart showing the procedure of the encryption (Enc) algorithm.
In Fig. 14, sender 100 wishes to encrypt the property vector $\vec{x} = (x_1, x_2, \ldots, x_n) \in \mathbb{F}_q^n$ and generate an encoded tag.
Here, the property vector $\vec{x} \in \mathbb{F}_q^n$ is data corresponding to the keyword to be encrypted, and takes various forms according to the kind of retrieval to be performed, such as exact-match retrieval, AND retrieval or OR retrieval.
For example, for an exact-match retrieval of one keyword, $\vec{x} = (1, \text{keyword})$.
(1) First, in step S901, sender 100 selects $\omega$ at random from $\mathbb{F}_q$.
(2) Then, in step S902, sender 100 outputs
[several 12]
as the encoded tag.
In the procedure of this encryption (Enc) algorithm, the open parameter PK of Fig. 13 is needed when performing step S901 or step S902. In particular, the Protective Key PK' in the open parameter PK is needed when performing step S902.
(generation of trapdoor)
Next, Fig. 15 is used to describe the procedure of the secret generating (KeyGen) algorithm, which is the algorithm, among the algorithms of the function type encryption recorded in non-patent literature 3, that recipient 300 uses when generating a trapdoor. The subject of the operations in Fig. 15 is therefore the recipient (receiving system). Recipient 300 uses the open parameter PK shown in Fig. 13 (both PP and PK') and the main privacy key SK to generate the trapdoor.
Fig. 15 is a flow chart showing the procedure of the secret generating (KeyGen) algorithm.
In Fig. 15, recipient 300 wishes to digitally sign the predicate vector $\vec{v} = (v_1, v_2, \ldots, v_n) \in \mathbb{F}_q^n$ and generate a trapdoor.
Here, the predicate vector $\vec{v} \in \mathbb{F}_q^n$ is data corresponding to the keyword to be retrieved, and takes various forms according to the kind of retrieval to be performed, such as exact-match retrieval, AND retrieval or OR retrieval.
For example, for an exact-match retrieval of one keyword, $\vec{v} = (\text{keyword}, N-1)$.
(1) First, in step S1001, recipient 300 selects $\sigma$ at random from $\mathbb{F}_q$.
(2) Then, in step S1002, recipient 300 selects $\vec{\eta}$ at random from $\mathbb{F}_q^n$.
(3) Finally, in step S1003, recipient 300 outputs
[several 13]
as the trapdoor.
(the concealment retrieval of server 200)
Next, Fig. 16 is used to describe the procedure of the deciphering (Dec) algorithm, which is the algorithm that server 200 uses when performing the concealment retrieval. The subject of the operations in Fig. 16 is therefore server 200. In the concealment retrieval of server 200, as in execution mode 1, server 200 performs the concealment retrieval on each of the multiple encoded tags sent from the senders, using the trapdoor sent from the recipient. This concealment retrieval needs the very openly parameter PP in the open parameter PK (Fig. 13). As in execution mode 1, the concealment retrieval of server 200 can be performed without the Protective Key PK'. In addition, because the function type encryption is used as PEKS, a part of the algorithm is changed, and the changed algorithm is described.
Fig. 16 is a flow chart showing the procedure of the deciphering (Dec) algorithm.
(1) In Fig. 16, first, in step S1101, server 200 calculates $T = e(C, k^*)$.
(2) Then, in step S1102, server 200 judges whether $T = g_T$. If $T = g_T$, it returns 1 in step S1103 and terminates. If $T \neq g_T$, it returns 0 in step S1104 and terminates.
In the procedure of this deciphering (Dec) algorithm, the open parameter PK of Fig. 13 is needed when performing steps S1101 and S1102. However, what is needed is only the very openly parameter PP part of the open parameter PK; the Protective Key PK' part is not needed. The above has described the part of the algorithm of the function type encryption recorded in non-patent literature 3 that is relevant to present embodiment 2.
(dissemination method to the open parameter PK of each entity issued)
Next, the dissemination method by which the open parameter PK is issued to each entity in execution mode 2 is described. This dissemination method is the same as in Fig. 6 of execution mode 1. That is, in Fig. 6, through steps S601 to S603, step S611 and step S621, the open parameter PK is issued to each sender 100 and the very openly parameter PP is issued to server 200. The difference from execution mode 1 is the particular content of the open parameter PK, and this difference is caused by the difference in the algorithms described.
Further, the key generating devices 310-1 to 310-3 illustrated in Fig. 9 to Fig. 11 can of course also be applied to execution mode 2. The open parameter PK in this case is the open parameter PK of Fig. 13.
If the dissemination method described above for issuing the open parameter PK to each entity in execution mode 2 is taken, then, when the function type encryption recorded in non-patent literature 3 is used as PEKS, the security of the trapdoor improves with respect to server 200, which receives the trapdoor.
Further, taking the dissemination method of the open parameter PK shown in present embodiment 2 also has the effect that the traffic between recipient 300 and server 200 can be reduced.
The above has described the respective content of execution mode 1 and execution mode 2. In summary, the invention in the above execution modes provides a general method for guaranteeing the security of the trapdoor in PEKS. That is, the invention in the above execution modes provides a general method for guaranteeing the security of the trapdoor when the algorithm of the PEKS of non-patent literature 2 taken in execution mode 1, or the algorithm of the function type encryption of non-patent literature 3 taken in execution mode 2, is used as PEKS.
In addition, the invention in execution mode 1 and execution mode 2 above is not limited to non-patent literature 2 and non-patent literature 3, and those skilled in the art can easily understand that it can be applied to the various algorithms generally known as PEKS or function type encryption. Those skilled in the art can also easily understand that, when function type encryption is used as PEKS, there is the effect of guaranteeing the security of the trapdoor, whereas, when it is used as function type encryption itself, there is the effect that information about the authority of the user's decruption key can be protected.
Execution mode 3
Execution mode 3 is described with reference to Fig. 17 and Fig. 18. Execution mode 3 describes the hardware configuration of dispensing device 100, receiving system 300 and server 200 as computers. Because dispensing device 100, receiving system 300 and server 200 are the same kind of computer, the following description takes receiving system 300 as the example. The explanation of receiving system 300 also applies to dispensing device 100 and server 200.
Fig. 17 shows an example of the outward appearance of receiving system 300 as a computer. Fig. 18 shows an example of the hardware resources of receiving system 300.
In Fig. 17, which shows the outward appearance, receiving system 300 has hardware resources such as a system unit 830, a display unit 813 with a CRT (Cathode Ray Tube) or LCD (liquid crystal) display screen, a keyboard 814 (KeyBoard: K/B), a mouse 815 and a compact disk device 818 (CDD: Compact Disk Drive), and these are connected by cables or signal lines. System unit 830 is connected to the network.
In Fig. 18, which shows the hardware resources, receiving system 300 has a CPU 810 (Central Processing Unit) that executes programs. CPU 810 is connected via bus 825 to ROM (Read Only Memory) 811, RAM (Random Access Memory) 812, display unit 813, keyboard 814, mouse 815, communication board 816, CDD 818 and disk set 820, and controls these hardware devices. In place of disk set 820, a storage device such as an optical disc device or flash memory may be used.
RAM 812 is an example of volatile memory. Storage media such as ROM 811, CDD 818 and disk set 820 are examples of nonvolatile memory. These are examples of a "storage device" or storage part, reservoir or buffer. Communication board 816, keyboard 814 and the like are examples of an input part or input unit. Communication board 816, display unit 813 and the like are examples of an output part or output device. Communication board 816 is connected to the network.
Disk set 820 stores an operating system 821 (OS), a window system 822, a program group 823 and a file group 824. The programs of program group 823 are executed by CPU 810, operating system 821 and window system 822.
Program group 823 stores the programs that perform the functions described as "~ portion" in the explanation of the above execution modes. The programs are read and executed by CPU 810.
File group 824 stores information, data, signal values, variable values, parameters and the like, such as "~ result of determination", "~ result of calculation", "~ extraction result", "~ generation result" and "~ result", as the items of "~ file" and "~ database". "~ file" and "~ database" are stored in a recording medium such as a disk or memory. The information, data, signal values, variable values and parameters stored in a storage medium such as a disk or memory are read into main storage or cache memory by CPU 810 via a read/write circuit, and are used for CPU operations such as extraction, retrieval, reference, comparison, computation, calculation, processing, output, printing and display. During these CPU operations of extraction, retrieval, reference, comparison, computation, calculation, processing, output, printing and display, the information, data, signal values, variable values and parameters are temporarily stored in main storage, cache memory or buffer storage.
In the explanation of the above-described execution modes, data and signal values are recorded in recording media such as the memory of RAM 812, the compact disk of CDD 818, the disk of disk set 820, and other optical discs, mini-disks and DVDs (Digital Versatile Disk). Further, data and signals are transmitted online by bus 825, signal lines, cables and other transmission media.
In the explanation of the above execution modes, a part described as "~ portion" may also be "~ unit", and may also be "~ step", "~ procedure" or "~ process". That is, a part described as "~ portion" may be implemented by software only, by a combination of software and hardware, or further by a combination with firmware. Firmware and software are stored as programs in recording media such as a magnetic disk, floppy disk, optical disc, compact disk, mini-disk or DVD. The programs are read by CPU 810 and executed by CPU 810. That is, a program makes a computer function as the above-described "~ portion", or makes a computer execute the procedure or method of the above-described "~ portion".
The above embodiments describe receiving system 300 and the like, but from the above explanation, receiving system 300 (key generating device) can of course also be understood as a key generation program.
The above embodiments describe the following key generating device: a key generating device that generates the open parameter of function type encryption or PEKS divided into the very openly parameter and the Protective Key.
The above embodiments describe the following key generating device: a key generating device that divides an existing open parameter of function type encryption or PEKS into the very openly parameter and the Protective Key.
The above embodiments describe the following open parameter dissemination method: an open parameter dissemination method that issues the very openly parameter and the Protective Key to sender 100, but issues only the very openly parameter to the server unit.
Explanation of reference numerals
1000: confidential search system; 100, 101-1, 100-n: dispensing device; 200: server; 300: receiving system; 310-1, 310-2, 310-3: key generating device; 311: very openly parameter generating unit; 312: Protective Key generating unit; 313: input part; 314: open parameter generating unit; 400: network.

Claims (9)

1. A key generating device, characterized in that the key generating device has:
a 1st generating unit that generates the very openly parameter PP contained in the open parameter PK, which is key information used in a confidential search system; and
a 2nd generating unit that generates the Protective Key PK' contained in the open parameter PK separately from the very openly parameter PP generated by the 1st generating unit,
the confidential search system having:
a dispensing device that generates and sends enciphered data and an encoded tag, the encoded tag being an encrypted keyword for retrieving the enciphered data;
a server unit that receives the enciphered data and the encoded tag from the dispensing device and keeps them, and performs a concealment retrieval in response to a request for concealment retrieval; and
a receiving system that generates a trapdoor, sends it to the server unit, and receives the result of the concealment retrieval from the server unit, the trapdoor being data equivalent to a digital signature of the keyword and being data that requests the server unit to perform the concealment retrieval of the enciphered data,
the key information comprising:
the very openly parameter PP, which is used when the dispensing device encrypts the keyword, when the receiving system generates the trapdoor, and when the server unit performs the concealment retrieval; and
the Protective Key PK', which is used when the dispensing device encrypts the keyword and when the receiving system generates the trapdoor.
2. The key generating device according to claim 1, characterized in that
the key generating device also has an input part that inputs the open parameter PK,
the 1st generating unit generates the very openly parameter PP by extracting it from the open parameter PK input by the input part, and
the 2nd generating unit generates the Protective Key PK' by extracting it from the open parameter PK input by the input part.
3. The key generating device according to claim 2, characterized in that
the key generating device also has a 3rd generating unit that generates the open parameter PK, and
the input part inputs the open parameter PK generated by the 3rd generating unit.
4. A key generation program, wherein the key generation program makes a computer function as:
a 1st generating unit that generates the very openly parameter PP contained in the open parameter PK, which is key information used in a confidential search system; and
a 2nd generating unit that generates the Protective Key PK' contained in the open parameter PK separately from the very openly parameter PP generated by the 1st generating unit,
the confidential search system having:
a dispensing device that generates and sends enciphered data and an encoded tag, the encoded tag being an encrypted keyword for retrieving the enciphered data;
a server unit that receives the enciphered data and the encoded tag from the dispensing device and keeps them, and performs a concealment retrieval in response to a request for concealment retrieval; and
a receiving system that generates a trapdoor, sends it to the server unit, and receives the result of the concealment retrieval from the server unit, the trapdoor being data equivalent to a digital signature of the keyword and being data that requests the server unit to perform the concealment retrieval of the enciphered data,
the key information comprising:
the very openly parameter PP, which is used when the dispensing device encrypts the keyword, when the receiving system generates the trapdoor, and when the server unit performs the concealment retrieval; and
the Protective Key PK', which is used when the dispensing device encrypts the keyword and when the receiving system generates the trapdoor.
5. A confidential search system, the confidential search system having:
a dispensing device that generates and sends enciphered data and an encoded tag, the encoded tag being an encrypted keyword for retrieving the enciphered data;
a server unit that receives the enciphered data and the encoded tag from the dispensing device and keeps them, and performs a concealment retrieval in response to a request for concealment retrieval; and
a receiving system that generates a trapdoor, sends it to the server unit, and receives the result of the concealment retrieval from the server unit, the trapdoor being data equivalent to a digital signature of the keyword and being data that requests the server unit to perform the concealment retrieval of the enciphered data,
the confidential search system being characterized in that
the receiving system has a key generating device, and the key generating device has:
a 1st generating unit that generates the very openly parameter PP contained in the open parameter PK, which is key information used in the confidential search system; and
a 2nd generating unit that generates the Protective Key PK' contained in the open parameter PK separately from the very openly parameter PP generated by the 1st generating unit,
the key information comprising:
the very openly parameter PP, which is used when the dispensing device encrypts the keyword, when the receiving system generates the trapdoor, and when the server unit performs the concealment retrieval; and
the Protective Key PK', which is used when the dispensing device encrypts the keyword and when the receiving system generates the trapdoor.
6. The confidential search system according to claim 5, characterized in that
Of the true public parameter PP and the protection key PK' generated by the key generation device, only the true public parameter PP is issued to the server device.
7. The confidential search system according to claim 5 or 6, characterized in that
The protection key PK' generated by the 2nd generating unit of the key generation device is supplied to the transmitting device.
8. The confidential search system according to claim 5 or 6, characterized in that
The protection key PK' generated by the 2nd generating unit of the key generation device is supplied to the transmitting device via an electronic bulletin board that only the transmitting device can read.
9. A key distribution method, characterized in that
Both the true public parameter PP and the protection key PK' in the public parameter PK, the public parameter PK being the key information used in a confidential search system, are issued to a transmitting device,
Only the true public parameter PP is issued to a server device,
The confidential search system has:
The transmitting device, which generates and sends encrypted data and an encrypted tag, the encrypted tag being an encrypted keyword used to search the encrypted data;
The server device, which receives the encrypted data and the encrypted tag from the transmitting device, stores them, and performs a confidential search in response to a confidential search request; and
A receiving device that generates a trapdoor, sends it to the server device, and receives the result of the confidential search from the server device, the trapdoor being data corresponding to a digital signature of the keyword and also data that requests the server device to perform the confidential search of the encrypted data,
The key information comprises:
The true public parameter PP, which is used when the transmitting device encrypts the keyword, when the receiving device generates the trapdoor, and when the server device performs the confidential search; and
The protection key PK', which is used when the transmitting device encrypts the keyword and when the receiving device generates the trapdoor.
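
Added example, not part of the patent text: a toy Python model of the distribution rule in claims 5 to 9, showing which party needs which key. It assumes HMAC-SHA256 as a stand-in for the patent's public-key construction (so PK' is modelled as a shared secret value and the receiving device's own secret key is omitted); all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Toy stand-in (assumption): HMAC-SHA256 replaces the patent's public-key
# construction, so PK' is modelled here as a shared secret value.

def keygen():
    """Receiving device: generate PP and PK' separately (1st / 2nd generating unit)."""
    pp = os.urandom(16)        # true public parameter PP
    pk_prime = os.urandom(32)  # protection key PK'
    return pp, pk_prime

def distribute(pp, pk_prime):
    """Claim 9 rule: the transmitting device gets PP and PK', the server gets PP only."""
    return {
        "sender": {"PP": pp, "PK_prime": pk_prime},
        "server": {"PP": pp},
        "receiver": {"PP": pp, "PK_prime": pk_prime},
    }

def _keyword_token(keys, keyword):
    # Needs PK'; raises KeyError for a party that was never issued it.
    return hmac.new(keys["PK_prime"], keys["PP"] + keyword.encode(),
                    hashlib.sha256).digest()

def encrypt_tag(keys, keyword):
    """Transmitting device: encrypted tag for a keyword, randomised per document."""
    nonce = os.urandom(16)
    body = hashlib.sha256(keys["PP"] + nonce + _keyword_token(keys, keyword)).digest()
    return nonce, body

def gen_trapdoor(keys, keyword):
    """Receiving device: trapdoor that requests a search for one keyword."""
    return _keyword_token(keys, keyword)

def server_test(keys, tag, trapdoor):
    """Server device: match a stored tag against a trapdoor using PP only."""
    nonce, body = tag
    expected = hashlib.sha256(keys["PP"] + nonce + trapdoor).digest()
    return hmac.compare_digest(expected, body)

def can_build_tag(keys, keyword):
    """True if this party's issued keys suffice to encrypt a tag for a keyword."""
    try:
        encrypt_tag(keys, keyword)
        return True
    except KeyError:
        return False
```

In this model the server can run the match with PP alone, but it cannot produce an encrypted tag for a keyword of its own choosing because it was never issued PK'.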
CN201380059312.3A 2013-01-12 2013-01-12 Key generating device, confidential search system and cipher key distribution method Active CN104798339B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2013/050495 WO2014109066A1 (en) 2013-01-12 2013-01-12 Key generation device, key generation program, concealed data search system, and key distribution method

Publications (2)

Publication Number Publication Date
CN104798339A (en) 2015-07-22
CN104798339B (en) 2018-06-01

Family

ID=51166733

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201380059312.3A Active CN104798339B (en) 2013-01-12 2013-01-12 Key generating device, confidential search system and cipher key distribution method

Country Status (5)

Country Link
US (1) US9237137B2 (en)
EP (1) EP2945313B1 (en)
JP (1) JP5836506B2 (en)
CN (1) CN104798339B (en)
WO (1) WO2014109066A1 (en)

Also Published As

Publication number Publication date
WO2014109066A1 (en) 2014-07-17
EP2945313B1 (en) 2017-09-06
EP2945313A4 (en) 2016-09-07
US20150207782A1 (en) 2015-07-23
JP5836506B2 (en) 2015-12-24
EP2945313A1 (en) 2015-11-18
JPWO2014109066A1 (en) 2017-01-19
US9237137B2 (en) 2016-01-12
CN104798339B (en) 2018-06-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by SIPO to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant